Snort mailing list archives
Re: Snort With Base Access Without Delete
From: "Galley, Daniel" <dgalley () dentistry ucla edu>
Date: Tue, 11 May 2010 14:15:34 -0700
One way to do this would be to create another DB user that only has read privileges on the tables. Then make a copy of your base folder and edit the configuration to use this read-only DB user instead of the standard DB user. Give your helpdesk login rights to this instance of BASE and not the other. Does that make sense? Daniel S. Galley -----Original Message----- From: IT Security [mailto:itsecurity () radford edu] Sent: Friday, May 07, 2010 11:54 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort With Base Access Without Delete This may be a silly question and more related to BASE than to Snort, but we can't seem to figure it out, so here goes... We're running Snort 2.8.6 and sending alerts to a mysql DB with BASE 1.4.5 as the frontend and would like to provide read-only access to BASE to our Helpdesk staff. The problem is that any BASE user can delete alerts. We've configured the sensor access and BASE access DB permissions per the documentation. We've tried adding plain users to BASE, but it seems anyone who can log into BASE have access to the underlying DB as the BASE DB user, and that user has DELETE on most all snort.* tables. Have others dealt with this? Are we over-looking something obvious? We looked at Snorby and Squil, but prefer to stick with BASE. Thanks for any suggestions. ------------------------------------------------------------------------ ------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort With Base Access Without Delete IT Security (May 07)
- Re: Snort With Base Access Without Delete Galley, Daniel (May 11)
- Re: Snort With Base Access Without Delete Jeff Kell (May 12)
- Re: Snort With Base Access Without Delete Galley, Daniel (May 11)